{"slug":"gensecaihq/wazuh-mcp-server","name":"Wazuh MCP Server","description":"AI-powered security operations with Wazuh SIEM + Claude Desktop. Natural language threat detection, automated incident response & compliance.","category":"other","tags":[],"official":false,"stars":178,"transport":"sse","install":null,"tools":[{"name":"get_wazuh_alerts","description":"Query, filter, search, and analyze alert data via Elasticsearch"},{"name":"get_wazuh_alert_summary","description":"Query, filter, search, and analyze alert data via Elasticsearch"},{"name":"analyze_alert_patterns","description":"Query, filter, search, and analyze alert data via Elasticsearch"},{"name":"search_security_events","description":"Query, filter, search, and analyze alert data via Elasticsearch"},{"name":"get_wazuh_agents","description":"Monitor agent status, running processes, open ports, and configs"},{"name":"get_wazuh_running_agents","description":"Monitor agent status, running processes, open ports, and configs"},{"name":"check_agent_health","description":"Monitor agent status, running processes, open ports, and configs"},{"name":"get_agent_processes","description":"Monitor agent status, running processes, open ports, and configs"},{"name":"get_agent_ports","description":"Monitor agent status, running processes, open ports, and configs"},{"name":"get_agent_configuration","description":"Monitor agent status, running processes, open ports, and configs"},{"name":"get_wazuh_vulnerabilities","description":"Query CVEs by severity, agent, and package"},{"name":"get_critical_vulnerabilities","description":"Query CVEs by severity, agent, and package"},{"name":"vulnerability_summary","description":"Query CVEs by severity, agent, and package"},{"name":"analyze_security_threat","description":"Threat analysis, IOC lookup, risk scoring, compliance checks"},{"name":"check_ioc_reputation","description":"Threat analysis, IOC lookup, risk scoring, compliance checks"},{"name":"perform_risk_assessment","description":"Threat analysis, IOC lookup, risk scoring, compliance checks"},{"name":"get_top_security_threats","description":"Threat analysis, IOC lookup, risk scoring, compliance checks"},{"name":"generate_security_report","description":"Threat analysis, IOC lookup, risk scoring, compliance checks"},{"name":"run_compliance_check","description":"Threat analysis, IOC lookup, risk scoring, compliance checks"},{"name":"get_wazuh_statistics","description":"Cluster health, rules, manager logs, stats"},{"name":"get_wazuh_cluster_health","description":"Cluster health, rules, manager logs, stats"},{"name":"get_wazuh_rules_summary","description":"Cluster health, rules, manager logs, stats"},{"name":"search_wazuh_manager_logs","description":"Cluster health, rules, manager logs, stats"},{"name":"wazuh_block_ip","description":"Block IPs, isolate hosts, kill processes, disable users, quarantine files"},{"name":"wazuh_isolate_host","description":"Block IPs, isolate hosts, kill processes, disable users, quarantine files"},{"name":"wazuh_kill_process","description":"Block IPs, isolate hosts, kill processes, disable users, quarantine files"},{"name":"wazuh_disable_user","description":"Block IPs, isolate hosts, kill processes, disable users, quarantine files"},{"name":"wazuh_quarantine_file","description":"Block IPs, isolate hosts, kill processes, disable users, quarantine files"},{"name":"wazuh_check_blocked_ip","description":"Verify active response actions took effect"},{"name":"wazuh_check_agent_isolation","description":"Verify active response actions took effect"},{"name":"wazuh_check_process","description":"Verify active response actions took effect"},{"name":"wazuh_check_user_status","description":"Verify active response actions took effect"},{"name":"wazuh_unisolate_host","description":"Undo active response actions"},{"name":"wazuh_enable_user","description":"Undo active response actions"},{"name":"wazuh_restore_file","description":"Undo active response actions"},{"name":"wazuh_firewall_allow","description":"Undo active response actions"},{"name":"wazuh_host_allow","description":"Undo active response actions"}],"env_vars":["MCP_API_KEY","WAZUH_HOST","WAZUH_PORT","AUTH_SECRET_KEY","REDIS_URL","WAZUH_INDEXER_HOST","WAZUH_INDEXER_PORT"],"auth_type":"none","github":"https://github.com/gensecaihq/Wazuh-MCP-Server","homepage":"","server_url":"","status":"active","source":"mcpservers.org","updated_at":"Thu May 28"}